diff --git a/src/node/db/SecurityManager.js b/src/node/db/SecurityManager.js
index 781f47e85..226283af1 100644
--- a/src/node/db/SecurityManager.js
+++ b/src/node/db/SecurityManager.js
@@ -126,7 +126,7 @@ exports.checkAccess = async function(padID, sessionCookie, token, password, user
     return DENY;
   }
 
-  const passwordExempt = settings.sessionNoPassword && sesionAuthorID != null;
+  const passwordExempt = settings.sessionNoPassword && sessionAuthorID != null;
   const requirePassword = pad.isPasswordProtected() && !passwordExempt;
   if (requirePassword) {
     if (password == null) {